How To Guide January 3, 2023 (TQ1A.230105.002 - Global / .A1 Telstra) - Unlock bootloader / Root Pixel 7 Pro [Cheetah] / SafetyNet

Search This thread

collegencmc

Senior Member
Jun 18, 2009
152
28
Hey All,

So thanks to roirraW I was able to root my 7 pro after doing:

fastboot flash init_boot magisk_patched-xx.img

however I'm findings some app's think I'm rooted even though they are apart of the DenyList, also Adaway isn't blocking any ads any more. Is there another step I need to do? I know I'm rooted because I can adb shell-> su-> props (MagiskHidePropsConf) to allow for wifi tethering.

Thanks,
 

roirraW "edor" ehT

Forum Moderator
Staff member
Hey All,

So thanks to roirraW I was able to root my 7 pro after doing:

fastboot flash init_boot magisk_patched-xx.img

however I'm findings some app's think I'm rooted even though they are apart of the DenyList, also Adaway isn't blocking any ads any more. Is there another step I need to do? I know I'm rooted because I can adb shell-> su-> props (MagiskHidePropsConf) to allow for wifi tethering.

Thanks,
Hi, did you follow all the rest of the steps in the SafetyNet section of Post #2? Most specifically, the version of the Universal SafetyNet Fix to install.

I wouldn't be able to say about AdAway. Maybe they need to update it to work with the Pixel 7 Pro - I'm not currently using it.
 
  • Like
Reactions: Lughnasadh

collegencmc

Senior Member
Jun 18, 2009
152
28
Hi, did you follow all the rest of the steps in the SafetyNet section of Post #2? Most specifically, the version of the Universal SafetyNet Fix to install.

I wouldn't be able to say about AdAway. Maybe they need to update it to work with the Pixel 7 Pro - I'm not currently using it.
So I'm using: safetynet-fix-v2.3.1-api33.zip found here: https://forum.xda-developers.com/t/...gain-all-relevant-links.4502805/post-87579103

I tired using safetynet-fix-v2.3.1-MOD_2.0.1.zip but it failed CTS. Let me try: safetynet-fix-v2.3.1-MOD_2.0.zip and I will report back. Thx for the help!! :D

Update: So now I'm on safetynet-fix-v2.3.1-MOD_2.0.zip but it still doesn't enforce DenyList on all apps :( but does pass all Safetynet test. Will keep an eye out for updates to it.

Let me know if any other ideas in mean time. Thanks again!!
 
Last edited:
  • Like
Reactions: roirraW "edor" ehT

PurppleMonkey

Senior Member
Jun 21, 2013
117
28
Correct, as long as you also remove the -w from the flash-all-.sh so that:

Code:
fastboot -w update image-cheetah-td1a.220804.031.zip
becomes
Code:
fastboot update image-cheetah-td1a.220804.031.zip

The -w wipes your phone.
Just for information, when you say the command wipes the phone, do you mean it erases everything?


I don't have it in the instructions, but if you use Official Google Android Flash Tool instead of flash-all, maybe you'll have better luck. It's generally considered the more user-friendly way. You'll still need the factory image zip, so that you can pull the init_boot.img out of the inner zip file - plus it's good to have all the files handy for if anything does go wrong.

If you use the Official Google Android Flash Tool you should have the following items not selected:
  • Deselect Wipe
  • Deselect Force Flash all partitions (which will also wipe)
  • Deselect re-lock bootloader
For first-time rooting, it matters less if you let either tool wipe your phone. Feel free to wipe them if you wish to go through the first setup process - which will let you access the Google cloud restore steps, so you can restore the apps and a lot of the app data if you had your previous phone set to do Google cloud backups.


At Official Google Android Flash Tool. If you use it, just substitute it for almost half the steps in my How to update each month (and also how to root) section of Post #2. Edit: There are only two particular steps to skip when using the Android Flash Tool. I've now updated my instructions to indicate which steps to skip in that case.


Nothing I can think of. That's typically the safest part of the process (and actually gives you more options to recover from catastrophe in most circumstances).
Maybe I'll try with the official google tool after unlocking the bootloader!




Can we buy you a coffee by making a donation somewhere?
Ignore what I said before about skipping steps 1 through 8. There are only two particular steps to skip when using the Android Flash Tool. I've now updated my instructions to indicate which steps to skip in that case.
Ok Thanks !

Did you get prompted to update to the latest SDK even though you were on latest SDK?
if so, please provide details in PF thread (support.zip would be best), this should not happen and I have not seen this happen with anyone.
Yes exactly, the command prompt asked me to download the latest version of platform-tools while I already have the latest version (33.0.3) on my MAC (with M1 chip).

PF checks your current Platform tools against the latest (currently set in the app to 33.0.3) and if it sees it to be older, it is only then that it warns you.
On the other hand you are saying "Maybe it's better to use pixel-flasher" are you suggesting that, because PF caught you using an older version, you prefer using PF, as it catches certain user oversights?
It was not PF that alerted me, but the command prompt following this tutorial when I first tried the "flash-all.sh" command

Thanks,

This comment threw me off
This is the message received from the command prompt, not PF
 
  • Like
Reactions: roirraW "edor" ehT

PurppleMonkey

Senior Member
Jun 21, 2013
117
28
I have to admit, I don't understand it exactly either, and I failed to ask where that message came from. Hopefully, @PurppleMonkey will clarify.

This message is from the command prompt. I put you the screenshot of the line of code responsible for this error message (Line of code extracted from "Flash-all.sh"

1666068275709.png
 
  • Like
Reactions: roirraW "edor" ehT

NepoRood

Recognized Contributor / Retired Forum Moderator
Jan 26, 2016
2,995
3,999
Bugtussle
That works for OTA, but if for any stupid reason the active slot somehow gets corrupted, then the system is unuseable (not necessarily unrecoverable).
As a modder, considering that we mock with the phone a lot, it's prudent that our first flash is to both slots.
After that, it's a good practice to flash to inactive slot, even when doing factory image based flashing to make sure we always have something recent to fallback on in case anything goes wrong.
All one has to do is change slots before doing the flash_all

Yeah, this is exactly what I was thinking and why when I found out I had no radio on my inactive slot I immediately flashed the factory image to that slot. There is no reason why a phone should ship with firmware on only one slot since obviously OTAs can be taken when a slot is full.

In this circumstance, however, I think it was just the radio that was missing as I believe there was a bootloader image reported on that inactive slot. Still very disconcerting, especially in your scenario where if something should happen to make the active slot unbootable.

Good points for sure, I was just spit balling, lol
 

Namelesswonder

Senior Member
Jan 26, 2014
384
636
Google Pixel XL
Google Pixel 7 Pro
Yeah, this is exactly what I was thinking and why when I found out I had no radio on my inactive slot I immediately flashed the factory image to that slot. There is no reason why a phone should ship with firmware on only one slot since obviously OTAs can be taken when a slot is full.

In this circumstance, however, I think it was just the radio that was missing as I believe there was a bootloader image reported on that inactive slot. Still very disconcerting, especially in your scenario where if something should happen to make the active slot unbootable.
Good points for sure, I was just spit balling, lol

I just tested recently and the bootloader version doesn't report properly for the other slot. I did a last ditch effort with downgrading to solve my eio mode woes (which it did solve, strange that flashing over with same version and resetting didn't) and in the process I noticed that even when the bootloader on the other slot was a different version it would still report the currently booted version. So it's entirely possible that there is nothing on the other slot.

Before I did my last ditch effort I ordered a 256GB with the intent to return my current phone, so I guess I can test the hypothesis when it comes in. Hope it doesn't brick it. :)
 

pndwal

Senior Member
Thanks for the explanation, definitely makes sense to me. I don't know what the slots should look like on a brand new, fresh out of the box device.... I'm guessing they're both loaded with the shipped firmware.
I don't know for certain if a new device comes with firmware on both slots, but I would think that it would. We pretty much get an OTA out of the box, what if it fails? That's my thinking anyway...
As you said, a new phone should come with full firmware on both slots... when I checked the radio version of my inactive and untouched slot using fastboot getvar version-baseband , it came back as unknown... or there really wasn't a radio, or something else, not sure.
Actually FWIW, 2nd slot ships w/o installed system, but /system is filled w/ odex files for system apps which are loaded to /data the first time user boots the device...

Basically A/B seamless updates actually halved the size of the system partition
https://source.android.com/docs/core/ota/ab/ab_faqs#how-did-ab-affect-the-2016-pixel-partition-sizes
and that's how Google were able to do this; by leaving odex files out of active /system slot (these were consuming about half the space) and simply moving them to /data when user first boots the phone, most of the space needed for dual slots is actually recovered...
https://source.android.com/docs/cor...size-of-the-system-partition-without-squashfs

The cited article goes on to explain why this 'doesn't really' impact on /data... bit complex... And why this doesn't mean slower reboot after an OTA but does impact reboot time after Factory data reset etc...

👀 PW
 

Lughnasadh

Senior Member
Mar 23, 2015
4,655
5,260
Google Nexus 5
Huawei Nexus 6P
Actually FWIW, 2nd slot ships w/o installed system, but /system is filled w/ odex files for system apps which are loaded to /data the first time user boots the device...

Basically A/B seamless updates actually halved the size of the system partition
https://source.android.com/docs/core/ota/ab/ab_faqs#how-did-ab-affect-the-2016-pixel-partition-sizes
and that's how Google were able to do this; by leaving odex files out of active /system slot (these were consuming about half the space) and simply moving them to /data when user first boots the phone, most of the space needed for dual slots is actually recovered...
https://source.android.com/docs/cor...size-of-the-system-partition-without-squashfs

The cited article goes on to explain why this 'doesn't really' impact on /data... bit complex... And why this doesn't mean slower reboot after an OTA but does impact reboot time after Factory data reset etc...

👀 PW
Yes, for sure. This is one of the characteristics of the A/B seamless updates implemented a while back. But this doesn't explain why there is no radio being reported on the inactive slot. And if indeed there is no radio, what other critical partitions may be missing? It's inconceivable that they would ship a new phone without a radio on both slots.

Interestingly though, after flashing the factory image to the inactive slot it did indeed report the correct baseband version, as expected.
 

roirraW "edor" ehT

Forum Moderator
Staff member
So I'm using: safetynet-fix-v2.3.1-api33.zip found here: https://forum.xda-developers.com/t/...gain-all-relevant-links.4502805/post-87579103

I tired using safetynet-fix-v2.3.1-MOD_2.0.1.zip but it failed CTS. Let me try: safetynet-fix-v2.3.1-MOD_2.0.zip and I will report back. Thx for the help!! :D

Update: So now I'm on safetynet-fix-v2.3.1-MOD_2.0.zip but it still doesn't enforce DenyList on all apps :( but does pass all Safetynet test. Will keep an eye out for updates to it.

Let me know if any other ideas in mean time. Thanks again!!
The "safetynet-fix-v2.3.1-MOD_2.0.zip" available from Displax' XDA post and website are the most recent official releases, so I curious where you found "safetynet-fix-v2.3.1-MOD_2.0.1.zip".

You had manually added the apps necessary to Magisk's DenyList, as per my SafetyNet instructions in Post #2?

Just for information, when you say the command wipes the phone, do you mean it erases everything?
Yes, the "-w" in fastboot -w update image-cheetah-td1a.220804.031.zip erases everything, just like a factory reset, which is why, normally when you update the phone with each month's latest firmware, you would normally remove the "-w".

Maybe I'll try with the official google tool after unlocking the bootloader!

Can we buy you a coffee by making a donation somewhere?
No, but I appreciate the thought very much. I used to take donations years ago. I just like helping people the way I was helped when I first came to XDA. Thank you!

Yes exactly, the command prompt asked me to download the latest version of platform-tools while I already have the latest version (33.0.3) on my MAC (with M1 chip).

It was not PF that alerted me, but the command prompt following this tutorial when I first tried the "flash-all.sh" command

This is the message received from the command prompt, not PF
Ah! I should've loaded the flash-all.sh file and taken a look. I assumed it was nearly identical to the Windows flash-all.bat, but the .sh is different than the .bat. If I knew I was using the latest and it kept throwing that error, I would be tempted to take out those lines of the .sh, leaving you with:

Code:
#!/bin/sh

# Copyright 2012 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

fastboot flash bootloader bootloader-cheetah-cloudripper-1.0-9070028.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-cheetah-g5300g-220908-220908-b-9040061.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-cheetah-td1a.220804.031.zip

This message is from the command prompt. I put you the screenshot of the line of code responsible for this error message (Line of code extracted from "Flash-all.sh"

View attachment 5737713
Thanks for the information and the screenshot.
 

PurppleMonkey

Senior Member
Jun 21, 2013
117
28
Yes, the "-w" in fastboot -w update image-cheetah-td1a.220804.031.zip erases everything, just like a factory reset, which is why, normally when you update the phone with each month's latest firmware, you would normally remove the "-w".
TY.

Ah! I should've loaded the flash-all.sh file and taken a look. I assumed it was nearly identical to the Windows flash-all.bat, but the .sh is different than the .bat. If I knew I was using the latest and it kept throwing that error, I would be tempted to take out those lines of the .sh, leaving you with:

Code:
#!/bin/sh

# Copyright 2012 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

fastboot flash bootloader bootloader-cheetah-cloudripper-1.0-9070028.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-cheetah-g5300g-220908-220908-b-9040061.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-cheetah-td1a.220804.031.zip

Yes, that's what I did. But what I don't understand is why it displayed this error when I ran the command prompt in the "Platform-tools" folder downloaded from the official site in version 33.0.3... Interesting!


Well.. I just splurged, ordered a new one directly from google. He arrives tomorrow. I will follow your tutorial using PF after unlocking the Bootloader.

I have 2,5 questions:
1) on the command prompt, there is a way to know which version of platform-tools is used, on PF we can know it in advance?

2) When I run the command Flash-all.sh, normally I would go through all these steps (on MAC):

Code:
./fastboot flash bootloader bootloader-cheetah-cloudripper-1.0-9070028.img
./fastboot reboot-bootloader
sleeping 5
./fastboot radio flash radio-cheetah-g5300g-220908-220908-b-9040061.img
./fastboot reboot-bootloader
sleeping 5
./fastboot update image-cheetah-td1a.220804.031.zip

But, if in my case, like the first time, the process stops here:

Code:
./fastboot flash bootloader bootloader-cheetah-cloudripper-1.0-9070028.img
./fastboot reboot-bootloader

--What should I do ?
--Why wouldn't "Sleep 5" work for me?




EDIT : Instead of "cheetah" Mine, should be "Panther"
 
Last edited:
  • Like
Reactions: roirraW "edor" ehT

whatsisnametake2

Senior Member
Sep 15, 2008
418
173
Samsung Galaxy S7
Google Pixel 6 Pro
Hey All,

So thanks to roirraW I was able to root my 7 pro after doing:

fastboot flash init_boot magisk_patched-xx.img

however I'm findings some app's think I'm rooted even though they are apart of the DenyList, also Adaway isn't blocking any ads any more. Is there another step I need to do? I know I'm rooted because I can adb shell-> su-> props (MagiskHidePropsConf) to allow for wifi tethering.

Thanks,
you have selected systemless hosts in magisk?
 

roirraW "edor" ehT

Forum Moderator
Staff member
You're welcome!

Yes, that's what I did. But what I don't understand is why it displayed this error when I ran the command prompt in the "Platform-tools" folder downloaded from the official site in version 33.0.3... Interesting!
Indeed, no idea. I would emulate a mac and see what happens for me but it's not an easy task since I use Hyper-V a ton on my personal computer on a regular basis.

Well.. I just splurged, ordered a new one directly from google. He arrives tomorrow. I will follow your tutorial using PF after unlocking the Bootloader.
To be clear, my tutorial doesn't involve PixelFlasher at all. I've never used it. I use the manual method every month, and once or at the most twice used the Official Google Android Flash Tool instead when I had a weird issue, and I adjusted my instructions to indicate which two steps to skip if you're using this Android Flash Tool instead of the factory image (although you still need the factory image for the init_boot.img file).

I have 2,5 questions:
1) on the command prompt, there is a way to know which version of platform-tools is used, on PF we can know it in advance?
The only way I know is to send the command:
Code:
adb /?

I don't know if it would be different at all on a Mac.

S:\platform-tools>adb /?
Android Debug Bridge version 1.0.41
Version 33.0.3-8952118
Installed as S:\platform-tools\adb.exe

global options:
-a listen on all network interfaces, not just localhost
-d use USB device (error if multiple devices connected)
-e use TCP/IP device (error if multiple TCP/IP devices available)
-s SERIAL use device with given serial (overrides $ANDROID_SERIAL)
-t ID use device with given transport id
-H name of adb server host [default=localhost]
-P port of adb server [default=5037]
-L SOCKET listen on given socket for adb server [default=tcp:localhost:5037]
--one-device SERIAL|USB only allowed with 'start-server' or 'server nodaemon', server will only connect to one USB device, specified by a serial number or USB device address.
--exit-on-write-error exit if stdout is closed

general commands:

<snipped a long list of commands in different categories>

So it does at least say 33.0.3. There doesn't seem to be a similar way for Fastboot, or at least not as easy. Anyone, please fill me in if there is a way - I don't have time to look into it right now.

For what it's worth, every month I rename my old platform-tools folder (the one I used to update to the previous month's firmware), and I freshly extract the latest platform-tools to a new folder, so everything's nice and clean - plus I keep the old firmware and files handy in case I need to flash back in a hurry.

2) When I run the command Flash-all.sh, normally I would go through all these steps (on MAC):

Code:
./fastboot flash bootloader bootloader-cheetah-cloudripper-1.0-9070028.img
./fastboot reboot-bootloader
sleeping 5
./fastboot radio flash radio-cheetah-g5300g-220908-220908-b-9040061.img
./fastboot reboot-bootloader
sleeping 5
./fastboot update image-cheetah-td1a.220804.031.zip

But, if in my case, like the first time, the process stops here:

Code:
./fastboot flash bootloader bootloader-cheetah-cloudripper-1.0-9070028.img
./fastboot reboot-bootloader

--What should I do ?
--Why wouldn't "Sleep 5" work for me?
I don't know enough about Macs to be able to help with that directly, but you can just copy and paste the individual commands at the right time yourself. Let yourself be the "sleeper". :)

EDIT : Instead of "cheetah" Mine, should be "Panther"
You're using the correct factory image, then? The Panther one? You're scaring me by showing a copy and paste from the Cheetah flash-all.sh. :D

you have selected systemless hosts in magisk?
Ah! I forgot to put that step in my instructions! Thank you.

Edit: Added now. DOH me!
 

PurppleMonkey

Senior Member
Jun 21, 2013
117
28
I don't know enough about Macs to be able to help with that directly, but you can just copy and paste the individual commands at the right time yourself. Let yourself be the "sleeper". :)

Hahahahah, You're right ! In this case, no need to specify a slot (a or b) or desable Verity and verification through prompt command ?

You're using the correct factory image, then? The Panther one? You're scaring me by showing a copy and paste from the Cheetah flash-all.sh. :D
hahahaha yes, i just copied your text with cheetah inside ! Mine is Panther on my computer, no need to use your gun !
 
  • Like
Reactions: roirraW "edor" ehT

pndwal

Senior Member
Yes, for sure. This is one of the characteristics of the A/B seamless updates implemented a while back. But this doesn't explain why there is no radio being reported on the inactive slot. And if indeed there is no radio, what other critical partitions may be missing? It's inconceivable that they would ship a new phone without a radio on both slots.
Why load anything in B slots if you're not going to ship with a working B system??... What's the point of unused baseband?...

As soon as you take an OTA, all necessary partitions are populated... With A/B Streaming update support the whole thing will necessarily be overwritten anyway; the update engine doesn't consider any data on B...

The delta differential payload algorithm simply uses blocks from active (A in this case) partition plus the delta payload (basically combines zero-filled block address info, unchanged block address info, binary blobs for new files and binary diff blobs for changed files) to produce the update by writing blocks directly to the B partition as they are read/downloaded...

What's on the inactive slot prior to an OS being installed there makes no difference.
Interestingly though, after flashing the factory image to the inactive slot it did indeed report the correct baseband version, as expected.
Wouldn't expect anything else!...

🙂 PW
 

roirraW "edor" ehT

Forum Moderator
Staff member
Hahahahah, You're right ! In this case, no need to specify a slot (a or b)
The correct commands in post #2 are literal - there's no need to specify a slot, in which case, the currently active slot is the one that's flashed. If you opted to do anything at all with slots, as several users said recently in this thread, each month you flash a new factory image, you could change slots beforehand, but it's completely optional. I only list the steps you absolutely must take in my instructions.

The optional commands to switch slots are:
Code:
adb reboot bootloader
(wait for phone to boot into the bootloader / fastboot mode)

fastboot set_active other
fastboot reboot bootloader
then proceed with the commands from the flash-all.sh/flash-all.bat

or desable Verity and verification through prompt command ?
The only part of my instructions that references that is the Optional next steps when updating - flashing custom kernels portion. Right now, if you plan on flashing a custom kernel - which is optional - you must disable those things and disabling Verification requires that you factory reset the device after, otherwise you'll get a screen that says the device is corrupted. All that's required to fix that is to factory reset, which again, will wipe everything.

The developers are working on getting the kernel flashing on the Pixel 7 Pro to a point where you at least don't need to disable Verification (disabling just Verity doesn't require a factory reset). This happened on the Pixel 6 Pro, too, and took a month or two before they developed a way for custom kernels to be able to be used without disabling either of those.

My advice is to wait, but it's completely up to you.

Note that if you disable them now, then every time you update the firmware (effectively, any time you run commands that end up flashing vbmeta.img, which the flash-all scripts do), you must re-disable them because the default action when flashing vbmeta.img is to enable them. If you forget to re-disable them, then if you disable them again later, you'll have to factory reset the device yet again.

Edit: You can also reference what I said about this subject recently here.

hahahaha yes, i just copied your text with cheetah inside ! Mine is Panther on my computer, no need to use your gun !
I figured, but I just wanted to make sure. :D LOL!
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 22
    I would expect that once 2.4.0 is released publicly, we should probably go back to using the official release, but conversely, as long as something works for you, there's also not necessarily a need to fix what isn't broken. Personally, I plan on switching once it's made completely public.

    Note that @Displax wasn't trying to replace the official version - they always kept it the same version as the most recent official along with "Mod", "Mod 2", or "Mod 2.1", so that suggests to me they were merely making temporary workarounds until/if the official was updated.
    Indeed. My MOD is a temporary solution until kdrag0n release accurate fix.

    I didn't change the update channel in the module on purpose so that everyone can upgrade to the new official version automatically without any problems.
    6
    @kdrag0n has some interesting work going on for the official Universal SafetyNet Fix (USNF) v2.4.0, that's now in testing.
    5
    @kdrag0n has some interesting work going on for the official Universal SafetyNet Fix (USNF) v2.4.0, that's now in testing.
    He's released it to his Patreon members. Hopefully it will be released to the general public in a week or two.

    Highlights​

    • Play Integrity bypass without breaking device checks or causing other issues
    • Disabled use of hardware attestation on Pixel 7 and newer (@anirudhgupta109)

    Other changes​

    • Updated instructions for newer Android and Magisk versions
    • Better debugging for future development
    It's taken a while to find way to bypass Play Integrity that doesn't require spoofing the build fingerprint permanently, but I wanted to make sure this module doesn't cause any unnecessary breakage. Just like the original goal of Universal SafetyNet Fix, this minimizes adverse effects by spoofing dynamically at runtime only when necessary. Enjoy!
    5
    So for those who are more knowledgeable in such matters, do you experts think/predict that we would go back to using this standard official Universal SafetyNet Fix? Or need to continue to use Displax's mod branched off of kdrag0n's? Or is kdrag0n's incorporating Displax's modifications (from the small changelog Lughnasadh posted and I understand it, kdrag0n is attempting to spoof only when necessary whereas Displax's may spoof it continuously[?]) and using it is essentially the same as using the one with Displax's mod? Or am I just totally off the mark and kdrag0n's official USNF is slated for other devices outside of Pixels? -- When USNF and MagiskHide Props Config stopped working for getting Google Pay to work properly for a window of time there (about 6 weeks), for a small period of time I stepped away from updating my firmware and proper root hiding. When I came back, I found that, while USNF may have continued to work for other devices, Displax's mod was necessary to work for Pixels(?).

    Sorry if I may be rather out of touch and/or misunderstanding of the situation; hence the request for some clarification in the pursuit of understanding things better...
    I would expect that once 2.4.0 is released publicly, we should probably go back to using the official release, but conversely, as long as something works for you, there's also not necessarily a need to fix what isn't broken. Personally, I plan on switching once it's made completely public.

    Note that @Displax wasn't trying to replace the official version - they always kept it the same version as the most recent official along with "Mod", "Mod 2", or "Mod 2.1", so that suggests to me they were merely making temporary workarounds until/if the official was updated.

    The methods used in 2.4.0 sound superior to the implementation used in the Mod versions. Some users had previously reported a Mod version making their device at least temporarily reported as a wrong (old) device, and 2.4.0 should prevent that.
    5
    13.0.0 (TQ1A.230105.002, Jan 2023)FlashLink34d676ff4d260f02d9ada1f16f24fd7995c9b9ca832410099950d9c510db8793
    13.0.0 (TQ1A.230105.002.A1, Jan 2023, Telstra)FlashLink6632344c9647b04bfce622b0decf3733dfb3bc5c3b2c068ea118f8631c1b39b8

    Android Security Bulletin—January 2023​

    bookmark_border
    Published January 3, 2022
    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-01-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.
    Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.
    The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
    Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.
    Note: Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the January 2023 Pixel Update Bulletin.

    Android and Google service mitigations​

    This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.
    • Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
    • The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

    2023-01-01 security patch level vulnerability details​

    In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-01-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

    Framework​

    The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed.
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2022-20456A-242703780EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20489A-242703460EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20490A-242703505EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20492A-242704043EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20493A-242846316EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20912A-246301995EoPHigh13
    CVE-2023-20916A-229256049EoPHigh12, 12L
    CVE-2023-20918A-243794108EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20919A-252663068EoPHigh13
    CVE-2023-20920A-204584366EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20921A-243378132EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20494A-243794204DoSHigh10, 11, 12, 12L, 13
    CVE-2023-20908A-239415861DoSHigh10, 11, 12, 12L, 13
    CVE-2023-20922A-237291548DoSHigh11, 12, 12L, 13

    System​

    The most severe vulnerability in this section could lead to local escalation of privilege of BLE with no additional execution privileges needed.
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2022-20461A-228602963EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20904A-246300272EoPHigh12L, 13
    CVE-2023-20905A-241387741EoPHigh10
    CVE-2023-20913A-246933785EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20915A-246930197EoPHigh10, 11, 12, 12L, 13

    Google Play system updates​

    The following issues are included in Project Mainline components.
    SubcomponentCVE
    MediaProviderCVE-2023-20912

    2023-01-05 security patch level vulnerability details​

    In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-01-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

    Kernel​

    The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed.
    CVEReferencesTypeSeveritySubcomponent
    CVE-2022-42719A-253642087
    Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
    RCECriticalmac80211
    CVE-2022-42720A-253642015
    Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
    RCECriticalWLAN
    CVE-2022-42721A-253642088
    Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
    RCECriticalMultiple Modules
    CVE-2022-2959A-244395411
    Upstream kernel
    EoPHighPipe

    Kernel components​

    The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed.
    CVEReferencesTypeSeveritySubcomponent
    CVE-2022-41674A-253641805
    Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
    RCECriticalWLAN
    CVE-2023-20928A-254837884
    Upstream kernel
    EoPHighBinder driver

    Kernel LTS​

    The following kernel versions have been updated. Kernel version updates are dependent on the version of Android OS at the time of device launch.
    ReferencesAndroid Launch VersionKernel Launch VersionMinimum Launch Version
    A-224575820125.105.10.101

    Imagination Technologies​

    This vulnerability affects Imagination Technologies components and further details are available directly from Imagination Technologies. The severity assessment of this issue is provided directly by Imagination Technologies.
    CVEReferencesSeveritySubcomponent
    CVE-2022-20235A-259967780 *HighPowerVR-GPU

    MediaTek components​

    These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek.
    CVEReferencesSeveritySubcomponent
    CVE-2022-32635A-257714327
    M-ALPS07573237 *
    Highgps
    CVE-2022-32636A-257846591
    M-ALPS07510064 *
    Highkeyinstall
    CVE-2022-32637A-257860658
    M-ALPS07491374 *
    Highhevc decoder

    Unisoc components​

    These vulnerabilities affect Unisoc components and further details are available directly from Unisoc. The severity assessment of these issues is provided directly by Unisoc.
    CVEReferencesSeveritySubcomponent
    CVE-2022-44425A-258731891
    U-2028856 *
    HighKernel
    CVE-2022-44426A-258728978
    U-2028856 *
    HighKernel
    CVE-2022-44427A-258736883
    U-1888565 *
    HighKernel
    CVE-2022-44428A-258741356
    U-1888565 *
    HighKernel
    CVE-2022-44429A-258743555
    U-1981296 *
    HighKernel
    CVE-2022-44430A-258749708
    U-1888565 *
    HighKernel
    CVE-2022-44431A-258741360
    U-1981296 *
    HighKernel
    CVE-2022-44432A-258743558
    U-1981296 *
    HighKernel
    CVE-2022-44434A-258760518
    U-2064988 *
    HighAndroid
    CVE-2022-44435A-258759189
    U-2064988 *
    HighAndroid
    CVE-2022-44436A-258760519
    U-2064988 *
    HighAndroid
    CVE-2022-44437A-258759192
    U-2064988 *
    HighAndroid
    CVE-2022-44438A-258760781
    U-2064988 *
    HighAndroid

    Qualcomm components​

    These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
    CVEReferencesSeveritySubcomponent
    CVE-2022-22088A-231156521
    QC-CR#3052411
    CriticalBluetooth
    CVE-2022-33255A-250627529
    QC-CR#3212699
    HighBluetooth

    Qualcomm closed-source components​

    These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
    CVEReferencesSeveritySubcomponent
    CVE-2021-35097A-209469821 *CriticalClosed-source component
    CVE-2021-35113A-209469998 *CriticalClosed-source component
    CVE-2021-35134A-213239776 *CriticalClosed-source component
    CVE-2022-23960A-238203772 *HighClosed-source component
    CVE-2022-25725A-238101314 *HighClosed-source component
    CVE-2022-25746A-238106983 *HighClosed-source component
    CVE-2022-33252A-250627159 *HighClosed-source component
    CVE-2022-33253A-250627591 *HighClosed-source component
    CVE-2022-33266A-250627569 *HighClosed-source component
    CVE-2022-33274A-250627236 *HighClosed-source component
    CVE-2022-33276A-250627271 *HighClosed-source component
    CVE-2022-33283A-250627602 *HighClosed-source component
    CVE-2022-33284A-250627218 *HighClosed-source component
    CVE-2022-33285A-250627435 *HighClosed-source component
    CVE-2022-33286A-250627240 *HighClosed-source component

    Common questions and answers​

    This section answers common questions that may occur after reading this bulletin.
    1. How do I determine if my device is updated to address these issues?
    To learn how to check a device's security patch level, see Check and update your Android version.
    • Security patch levels of 2023-01-01 or later address all issues associated with the 2023-01-01 security patch level.
    • Security patch levels of 2023-01-05 or later address all issues associated with the 2023-01-05 security patch level and all previous patch levels.
    Device manufacturers that include these updates should set the patch string level to:
    • [ro.build.version.security_patch]:[2023-01-01]
    • [ro.build.version.security_patch]:[2023-01-05]
    For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-01-01 security patch level. Please see this article for more details on how to install security updates.
    2. Why does this bulletin have two security patch levels?
    This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.
    • Devices that use the 2023-01-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
    • Devices that use the security patch level of 2023-01-05 or newer must include all applicable patches in this (and previous) security bulletins.
    Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.
    3. What do the entries in the Type column mean?
    Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
    AbbreviationDefinition
    RCERemote code execution
    EoPElevation of privilege
    IDInformation disclosure
    DoSDenial of service
    N/AClassification not available
    4. What do the entries in the References column mean?
    Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
    PrefixReference
    A-Android bug ID
    QC-Qualcomm reference number
    M-MediaTek reference number
    N-NVIDIA reference number
    B-Broadcom reference number
    U-UNISOC reference number
    5. What does an * next to the Android bug ID in the References column mean?
    Issues that are not publicly available have an * next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
    6. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?
    Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

    Versions​

    VersionDateNotes
    1.0January 3, 2022Bulletin Published
  • 58
    13.0.0 (TQ1A.230105.002, Jan 2023)FlashLink34d676ff4d260f02d9ada1f16f24fd7995c9b9ca832410099950d9c510db8793
    13.0.0 (TQ1A.230105.002.A1, Jan 2023, Telstra)FlashLink6632344c9647b04bfce622b0decf3733dfb3bc5c3b2c068ea118f8631c1b39b8

    Android Security Bulletin—January 2023​

    bookmark_border
    Published January 3, 2022
    The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-01-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.
    Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.
    The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.
    Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.
    Note: Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the January 2023 Pixel Update Bulletin.

    Android and Google service mitigations​

    This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.
    • Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
    • The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

    2023-01-01 security patch level vulnerability details​

    In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-01-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

    Framework​

    The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed.
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2022-20456A-242703780EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20489A-242703460EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20490A-242703505EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20492A-242704043EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20493A-242846316EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20912A-246301995EoPHigh13
    CVE-2023-20916A-229256049EoPHigh12, 12L
    CVE-2023-20918A-243794108EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20919A-252663068EoPHigh13
    CVE-2023-20920A-204584366EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20921A-243378132EoPHigh10, 11, 12, 12L, 13
    CVE-2022-20494A-243794204DoSHigh10, 11, 12, 12L, 13
    CVE-2023-20908A-239415861DoSHigh10, 11, 12, 12L, 13
    CVE-2023-20922A-237291548DoSHigh11, 12, 12L, 13

    System​

    The most severe vulnerability in this section could lead to local escalation of privilege of BLE with no additional execution privileges needed.
    CVEReferencesTypeSeverityUpdated AOSP versions
    CVE-2022-20461A-228602963EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20904A-246300272EoPHigh12L, 13
    CVE-2023-20905A-241387741EoPHigh10
    CVE-2023-20913A-246933785EoPHigh10, 11, 12, 12L, 13
    CVE-2023-20915A-246930197EoPHigh10, 11, 12, 12L, 13

    Google Play system updates​

    The following issues are included in Project Mainline components.
    SubcomponentCVE
    MediaProviderCVE-2023-20912

    2023-01-05 security patch level vulnerability details​

    In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-01-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

    Kernel​

    The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed.
    CVEReferencesTypeSeveritySubcomponent
    CVE-2022-42719A-253642087
    Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
    RCECriticalmac80211
    CVE-2022-42720A-253642015
    Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
    RCECriticalWLAN
    CVE-2022-42721A-253642088
    Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
    RCECriticalMultiple Modules
    CVE-2022-2959A-244395411
    Upstream kernel
    EoPHighPipe

    Kernel components​

    The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed.
    CVEReferencesTypeSeveritySubcomponent
    CVE-2022-41674A-253641805
    Upstream kernel [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14]
    RCECriticalWLAN
    CVE-2023-20928A-254837884
    Upstream kernel
    EoPHighBinder driver

    Kernel LTS​

    The following kernel versions have been updated. Kernel version updates are dependent on the version of Android OS at the time of device launch.
    ReferencesAndroid Launch VersionKernel Launch VersionMinimum Launch Version
    A-224575820125.105.10.101

    Imagination Technologies​

    This vulnerability affects Imagination Technologies components and further details are available directly from Imagination Technologies. The severity assessment of this issue is provided directly by Imagination Technologies.
    CVEReferencesSeveritySubcomponent
    CVE-2022-20235A-259967780 *HighPowerVR-GPU

    MediaTek components​

    These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek.
    CVEReferencesSeveritySubcomponent
    CVE-2022-32635A-257714327
    M-ALPS07573237 *
    Highgps
    CVE-2022-32636A-257846591
    M-ALPS07510064 *
    Highkeyinstall
    CVE-2022-32637A-257860658
    M-ALPS07491374 *
    Highhevc decoder

    Unisoc components​

    These vulnerabilities affect Unisoc components and further details are available directly from Unisoc. The severity assessment of these issues is provided directly by Unisoc.
    CVEReferencesSeveritySubcomponent
    CVE-2022-44425A-258731891
    U-2028856 *
    HighKernel
    CVE-2022-44426A-258728978
    U-2028856 *
    HighKernel
    CVE-2022-44427A-258736883
    U-1888565 *
    HighKernel
    CVE-2022-44428A-258741356
    U-1888565 *
    HighKernel
    CVE-2022-44429A-258743555
    U-1981296 *
    HighKernel
    CVE-2022-44430A-258749708
    U-1888565 *
    HighKernel
    CVE-2022-44431A-258741360
    U-1981296 *
    HighKernel
    CVE-2022-44432A-258743558
    U-1981296 *
    HighKernel
    CVE-2022-44434A-258760518
    U-2064988 *
    HighAndroid
    CVE-2022-44435A-258759189
    U-2064988 *
    HighAndroid
    CVE-2022-44436A-258760519
    U-2064988 *
    HighAndroid
    CVE-2022-44437A-258759192
    U-2064988 *
    HighAndroid
    CVE-2022-44438A-258760781
    U-2064988 *
    HighAndroid

    Qualcomm components​

    These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
    CVEReferencesSeveritySubcomponent
    CVE-2022-22088A-231156521
    QC-CR#3052411
    CriticalBluetooth
    CVE-2022-33255A-250627529
    QC-CR#3212699
    HighBluetooth

    Qualcomm closed-source components​

    These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.
    CVEReferencesSeveritySubcomponent
    CVE-2021-35097A-209469821 *CriticalClosed-source component
    CVE-2021-35113A-209469998 *CriticalClosed-source component
    CVE-2021-35134A-213239776 *CriticalClosed-source component
    CVE-2022-23960A-238203772 *HighClosed-source component
    CVE-2022-25725A-238101314 *HighClosed-source component
    CVE-2022-25746A-238106983 *HighClosed-source component
    CVE-2022-33252A-250627159 *HighClosed-source component
    CVE-2022-33253A-250627591 *HighClosed-source component
    CVE-2022-33266A-250627569 *HighClosed-source component
    CVE-2022-33274A-250627236 *HighClosed-source component
    CVE-2022-33276A-250627271 *HighClosed-source component
    CVE-2022-33283A-250627602 *HighClosed-source component
    CVE-2022-33284A-250627218 *HighClosed-source component
    CVE-2022-33285A-250627435 *HighClosed-source component
    CVE-2022-33286A-250627240 *HighClosed-source component

    Common questions and answers​

    This section answers common questions that may occur after reading this bulletin.
    1. How do I determine if my device is updated to address these issues?
    To learn how to check a device's security patch level, see Check and update your Android version.
    • Security patch levels of 2023-01-01 or later address all issues associated with the 2023-01-01 security patch level.
    • Security patch levels of 2023-01-05 or later address all issues associated with the 2023-01-05 security patch level and all previous patch levels.
    Device manufacturers that include these updates should set the patch string level to:
    • [ro.build.version.security_patch]:[2023-01-01]
    • [ro.build.version.security_patch]:[2023-01-05]
    For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-01-01 security patch level. Please see this article for more details on how to install security updates.
    2. Why does this bulletin have two security patch levels?
    This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.
    • Devices that use the 2023-01-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
    • Devices that use the security patch level of 2023-01-05 or newer must include all applicable patches in this (and previous) security bulletins.
    Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.
    3. What do the entries in the Type column mean?
    Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.
    AbbreviationDefinition
    RCERemote code execution
    EoPElevation of privilege
    IDInformation disclosure
    DoSDenial of service
    N/AClassification not available
    4. What do the entries in the References column mean?
    Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.
    PrefixReference
    A-Android bug ID
    QC-Qualcomm reference number
    M-MediaTek reference number
    N-NVIDIA reference number
    B-Broadcom reference number
    U-UNISOC reference number
    5. What does an * next to the Android bug ID in the References column mean?
    Issues that are not publicly available have an * next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.
    6. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?
    Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

    Versions​

    VersionDateNotes
    1.0January 3, 2022Bulletin Published

    Kush M.

    Community Manager•Original Poster


    Google Pixel Update - January 2023​

    Announcement
    Hello Pixel Community,

    We have provided the monthly software update for January 2023. All supported Pixel devices running Android 13 will receive these software updates starting today. The rollout will continue over the next few weeks in phases depending on carrier and device. Users will receive a notification once the OTA becomes available for their device. We encourage you to check your Android version and update to receive the latest software.

    Details of this month’s security fixes can be found on the Android Security Bulletin: https://source.android.com/security/bulletin

    This update also includes support for static spatial audio, which will provide surround sound for any connected headset. Another update will roll out to Pixel Buds Pro in the coming weeks that will enable spatial audio with head tracking.

    Thanks,
    Google Pixel Support Team


    Software versions

    Global
    • Pixel 4a: TQ1A.230105.001
    • Pixel 4a (5G): TQ1A.230105.001
    • Pixel 5: TQ1A.230105.001
    • Pixel 5a (5G): TQ1A.230105.001
    • Pixel 6: TQ1A.230105.002
    • Pixel 6 Pro: TQ1A.230105.002
    • Pixel 6a: TQ1A.230105.001.A2
    • Pixel 7: TQ1A.230105.001.A2
    • Pixel 7 Pro: TQ1A.230105.002

    Canada
    • Pixel 4a: TQ1A.230105.001.B1

    Telstra (AU)
    • Pixel 7: TQ1A.230105.001.A3
    • Pixel 7 Pro: TQ1A.230105.002.A1
    What’s included

    The January 2023 update includes bug fixes and improvements for Pixel users – see below for details.

    Audio
    • Add support for Spatial Audio with certain devices and accessories *[1]

    Biometrics
    • Additional improvements for fingerprint recognition and response in certain conditions *[2]

    Bluetooth
    • Fix for issue occasionally preventing certain Bluetooth Low Energy devices or accessories from pairing or reconnecting
    • Fix for issue preventing audio from playing over certain headphones or accessories while connected in certain conditions

    Camera
    • Fix for issue occasionally causing captured photos to appear corrupted or distorted while zoomed in *[3]

    Display & Graphics
    • Fix for issue occasionally preventing display from waking or appearing turned off while device is powered on *[3]

    User Interface
    • Fix for issue occasionally causing UI to display in landscape layout while device is held in portrait mode
    ---------------------------------------------------------------

    Device Applicability

    Fixes are available for all supported Pixel devices unless otherwise indicated below.

    *[1] Included on Pixel 6, Pixel 6 Pro, Pixel 7, Pixel 7 Pro
    *[2] Included on Pixel 6a, Pixel 7
    *[3] Included on Pixel 7, Pixel 7 Pro

    Details
    Other

    The answer to life, the universe, and everything.​

    1667221900824.jpeg
    (* I do not claim copyright to this image, nor do I benefit monetarily from it or these posts)

    Just kidding (the answer is 42, by the way):
    Here there be dragons. 🐉 I am not responsible for anything at all. 😹

    VERY IMPORTANT - On the Pixel 7/Pro, we use Magisk to patch init_boot.img, NOT boot.img AND we flash the patched init_boot to the init_boot partition - do not flash it to the boot partition.​

    Thanks to @edcsxz, @Lughnasadh, and @AndyYan for news about that and confirming it.

    Moved @mariusnoor's provided zero-day OTA.zip to Post #8 - Old news from the OP.

    Unlocking or locking the bootloader will wipe the device every single time, so be sure to have your data backed up before doing so, or better yet, just unlock it as soon as you get the device.​

    Keep in mind that unlocking the bootloader or rooting might affect your phone's capability to use banking apps such as Google Pay, your local bank's app, or even the ability to install some apps like NetFlix. See Post #2 - Unlocking Bootloader / Rooting / Updating | SafetyNet | ADB/Fastboot & Windows USB Drivers.​

    If you're going to re-lock the bootloader, make sure the ROM you have on your phone is completely stock (by flashing the latest official firmware) BEFORE re-locking it.​

    There are no permanent negative consequences if you unlock or re-lock the bootloader other than it will wipe your phone, and while your bootloader is unlocked you get a brief screen when you boot the phone telling you (and anyone who sees your phone at the time) that it's unlocked. You will also continue to receive updates (if you've merely unlocked the bootloader, you can take updates as normal) unlike Samsung, Sony, et cetera, which have permanent major consequences with reduced functionality even if you un-root and re-lock your bootloader. If you're actually rooted (not just bootloader unlocked), you'll have to perform extra steps to manually update each month, and to keep root/re-root.

    INDEX:

    • Post #2 - Unlocking Bootloader / Rooting / Updating | SafetyNet | ADB/Fastboot & Windows USB Drivers:
      • How to Root the first time / aka How to unlock the Bootloader
      • TL;DR - for the seasoned repeat users
        • Unlocking Bootloader (required in order to root)
        • How to update each month (and also how to root)[requires an unlocked bootloader for updating via this factory image method]
          • OPTIONAL: If you want to flash both slots, after this first time, then after do the following
        • SafetyNet
        • Optional steps when updating - flashing custom kernels
          • The two schools of thought on disabling Verity and Verification
      • ADB/Fastboot and Windows USB Drivers - direct download links and the most recent changelog
    • Post #3 - Other, most important resources:
      • A list of other important apps
      • TWRP [not made for the Pixel 7 (or 6) Pro yet - will update when or if ever it has - don't hold your breath]
      • Factory Images (requires an unlocked bootloader)
      • Full OTA Images(doesn't require an unlocked bootloader - you can ask questions in this thread, but I won't be providing the steps necessary, as I always use the factory image)
        • @mariusnoor's provided official URL to download the zero-day OTA to TD1A.220804.031.
      • Check warranty status
      • Official Google Pixel Update and Software Repair (reported as of January 23, 2022 to still not be updated for the Pixel 6/Pro - no idea if it has yet now, or if it will be for the 7/Pro)
      • Official Google Pixel Install fingerprint calibration software (also available at the bottom of the Update and Software Repair page above) - I believe this is only helpful if you've replaced the screen - if it's anything like the Pixel 6 Pro: if you have the screen replaced, then you *must* have the fingerprint reader replaced as well.
      • Find problem apps, Magisk, and LSposed Modules by (three different methods)
      • Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you do not have to manually unlock the bootloader - their site will do that on its own)
      • How to determine if you already have Verity and Verification disabled (required for custom kernels for now)
      • How to unroot
    • Post #4 - Google Pixel Updates (more user-friendly to read than Pixel Update Bulletins) (nothing for the P7P yet)
      • Old Google posts/updates
    • Post #5 - Pixel Update Bulletins
      • Old Bulletins
    • Post #6 - Regarding P7P 5G model numbers and capabilities, and how to determine your hardware version
    • Post #7 - My personal advice for how to get your device back up and running as you had it before a factory reset
    • Post #8 - Old news from the OP

    Thank you to the following users who have all contributed greatly to my knowledge of Pixels since I came back to XDA a year ago after a few years of mostly inactivity. Apologies if I miss anybody. In alphabetical order:

    39

    Unlocking Bootloader / Rooting / Updating | SafetyNet | ADB/Fastboot & Windows USB Drivers


    Unlocking Bootloader / Rooting / Updating:

    How to Root the first time / aka How to unlock the Bootloader:
    Unlocking the bootloader will factory reset your device. There is no way around this. I highly suggest never re-locking your bootloader once you unlock it. If you do ever re-lock the bootloader, only do so after restoring the phone to 100% stock by using the latest Pixel 7 Pro Factory Image or Official Google Android Flash Tool.

    Verizon variants:
    Will never be able to have their bootloader unlocked. It's like winning the lottery, and just as rare and relatively random. There is nothing that anyone on XDA can do to help you unlock your Verizon variant.

    T-Mobile and AT&T variants:
    Can be unlocked once you pay the phone off, then you contact the carrier and arrange to Carrier unlock the phone. Once the phone is Carrier unlocked, then you can unlock the bootloader with the usual caveats (will wipe the device and there's no way around it).

    The direct-from-Google (or other retailers who aren't U.S. Carriers), the factory Carrier Unlocked Pixels:
    Can be bootloader unlocked at any time. I'd try it first before putting a SIM card in the phone. If OEM unlocking is grayed out, try connecting to Wi-Fi, and reboot if necessary. If it's still grayed out, try with your SIM card, and reboot again. Historically on Pixels, most of the time you can toggle OEM unlocking immediately, but occasionally some users have found it took a little while after being either connected to Wi-Fi or having your SIM card installed in it, and then eventually (hours? day? days?) you can toggle OEM unlocking.

    The rest of the world's carriers:
    No idea. Feel free to ask in the thread and hopefully, someone with specific knowledge will answer.

    Other than trying the things I mentioned above, there is nothing else that anyone on XDA can do to help get OEM unlocking to be ungrayed.

    Unlocking Bootloader (required in order to root)
    The one-time first steps are:
    1. Android Settings
    2. About phone
    3. Click on Build number repeatedly, about seven times
    4. Go back to the main Android Settings
    5. System
    6. Developer options
      • Toggle OEM unlocking on. See @Namelesswonder's tip below (this won't help with variants that are supposed to be bootloader locked):
        Also a little tip for anyone trying to enable OEM unlocking on a device and it is grayed out, you can force the phone to check for eligibility by connecting to the internet in whatever way, going to the dialer, and dialing *#*#2432546#*#* (CHECKIN).
        You should receive a notification from Google Play services with "checkin succeeded" and OEM unlocking should be available immediately if the device is eligible.
        Google account not needed, SIM not needed, no other setup required. Works on completely-skipped-setup-wizard. Just need to make sure to connect to the internet and select the connection as metered to avoid any updates.
      • Toggle USB debugging on.
      • [Optional] I highly suggest you also disable Automatic system updates. Note that in a situation such as the Android 12 serious bootloader security issue, this setting will not keep Google from forcing an update to come through anyway.
    7. How to actually root follows the same steps below as how to update each month.
    8. Download the latest ADB/Fastboot (SDK Platform Tools) and Windows USB Drivers.
    9. Unzip the Platform Tools and Drivers.
    10. NOTE: If you have USB drivers for other Android devices installed, like Samsung, they can alternately sometimes work and not work with Google Pixels. I recommend uninstalling those drivers, or at least updating that driver to Google's driver as instructed below (the Device Manager entry may be different with other OEMs).​

    11. The Windows USB Drivers may have to be installed twice:
      • The first time while your phone is running and unlocked as normal.
        1. In Windows, right-click on the Start Button and choose Device Manager.
        2. Plug your phone into the computer and look for the new hardware entry in Device Manager. Near the top of Device Manager should be Android Device. Click the drop-down arrow to the left of it.
        3. Below Android Device, it should now show Android Composite ADB Interface
        4. Right-click the Android Composite ADB Interface and choose Update driver
        5. Choose Browse my computer for drivers
        6. Click Browse and navigate to where you unzipped the Windows USB drivers to.
        7. Follow the prompts to install the driver.
        8. Keep Device Manager itself open - you'll need it again in a minute, but you can close any other Device Manager windows after you have installed the driver.
        9. Open a Command Prompt and navigate to the platform-tools folder.
        10. Run command:
          Code:
          adb devices
        11. On your Android device, you'll get an ADB prompt. Check the box to always give ADB permission and click OK.
        12. Confirm that the command results in a list of Android devices. When doing these producedures, you should only have the one device you want to work on connected, to keep things simple.
      • The second time to install the driver is while the phone is in Bootloader (fastboot mode), notFastbootD (fastbootd) mode. I know it's confusing.
        • Run command:
          Code:
          adb reboot bootloader
        • Repeat the instructions above starting with "Right-click the Android Composite ADB Interface".
          • This second time installing the drivers while in Bootloader (fastboot mode), it will show up as "Android Bootloader Interface". Thanks @simplepinoi177 for the suggestion to add this detail.
    12. Run command:
      Code:
      fastboot flashing unlock
    13. On the phone, press either the up or down volume button once until you see Unlock the bootloader |>| beside the power button.
    14. Press the power button. The phone will go black for a second and then show near the bottom Device state: unlocked.
    15. After these first-time steps to unlock the bootloader, if you want to root, continue below at the step:
    How to update each month (and also how to root) [requires an unlocked bootloader for updating via this factory image method]
    1. These three instructions only apply if you're already rooted and updating from one firmware version to another:
      • Made sure all Magisk Modules have been updated.
      • Disable all Magisk Modules.
      • UNhide Magisk!
    2. If you are going to use the Official Google Android Flash Tool, then skip the steps I indicate with FAB(Flash-All.Bat).
      • If using the Android Flash Tool to update/dirty flash, you should have the following items notselected:
        • Deselect Wipe
        • Deselect Force Flash all partitions (which will also wipe)
        • Deselect re-lock bootloader
    3. Always use the latest ADB/Fastboot (SDK Platform Tools) and Windows USB Drivers.
    4. Unzip the Platform Tools.
    5. Download the latest Pixel 7 Pro Factory Image (at the bottom of the "Cheetah" section).
    6. Unzip the factory image to the same platform-tools folder, i.e. so that flash-all.bat and all other files are in the same folder as ADB and Fastboot from the platform-tools.
    7. * FAB VERY important - Edit the flash-all.bat (on Windows) or flash-all.sh (on Linux) and remove the -w from the fastboot update image-cheetah-etcetera.zip line. This will keep the script from wiping your phone when you run it.
    8. Extract only the init_boot.img file from the image-cheetah-etcetera.zip to the same platform-tools folder.
    9. Copy the init_boot.img from the PC to the phone's internal storage.
    10. * FAB Run commands:
      Code:
      adb reboot bootloader
      flash-all.bat (on Windows)
      or
      flash-all.sh (on Linux)
      
      (Note:  At least two Apple Macintosh users had trouble using the flash-all.sh - at least one of those users, everything went smooth once they used a Windows PC for this part of the process)

      IMPORTANT - The flash-all will take several minutes and reboot on its own several times including to a mode called "FastbootD", and finally reboot into full Android when it's done. Do not interrupt this process. On the FastbootD screen on the phone, do not use any of the manual selection options - let the flash-all script do it's work. Do not unplug your phone until it has fully booted into Android.​

      Thanks to @PurppleMonkey and @xgerryx for suggesting a warning about this. Thanks to @simplepinoi177 for suggesting the "FastbootD" clarification.
    11. On the phone:
      • Wait for the phone to boot normally. Unlock the phone.
      • OPTIONAL: If you want to flash both slots, after this first time, then after do the following:

        • Code:
          adb reboot bootloader
          fastboot --set-active=other
          flash-all.bat
        So you're doing the flash-all.bat a second time on the second slot.
      • Apply Magisk Stable to it. NOTE: It is always possible that an Android Update (Monthly, QPR [Quarterly Platform Release], new major Android versions, and Beta versions) might need a new version of Magisk Stable, Beta, or Canary from GitHub to work correctly. XDA forum for Magisk is here.
        • Launch the Magisk app.
        • Beside "Magisk", click "Install".
        • Click "Select and Patch a File", and choose the init_boot.img that you just copied to the phone's storage.
    12. Copy the Magisk'd init_boot.img (filename similar to magisk_patched-25200_1a2B3c.img)back over to the computer.
    13. Open a Command Prompt and navigate to the platform-tools folder.
    14. Run command:
      Code:
      adb reboot bootloader
    15. After phone has rebooted into Bootloader (Fastboot) mode, run command:
      Code:
      fastboot flash init_boot magisk_patched-25200_1a2B3c.img
      fastboot reboot
    16. Confirm that the phone boots completely normally.
    17. Cautiously re-enable Magisk Modules.
    18. Reboot.
    19. Confirm everything worked fine.
    20. If the phone won't boot correctly after having enabled Magisk Modules, see either of the two solutions below:
      • For the future, you don't need to go into safe mode unless that's your preference. I forgot what all it resets, but it's many settings and it's bothersome. I'd rather just reinstall my modules and not have to figure out those Android settings/changes which I come across days or weeks later when I infrequently do something. Have your phone reboot and run this:
        Code:
        adb wait-for-device shell magisk --remove-modules
        I like to just do this first:
        Code:
        adb devices
        So the server is running, then I have the long one pasted and ready to go once the phone turns off.
      • Find problem apps, Magisk, and LSposed Modules by (three different methods) section in my next post. After following that link, you may have to scroll up a little bit and the section title will be highlighted.

    SafetyNet:

    New Official Universal SafetyNet Fix released by @kdrag0n v2.4.0 available at XDA
    1. Launch the Magisk app.
    2. Go to Magisk's Settings (Gear in top right).
      • Click Hide the Magisk app.
      • When you hide it, you'll have the optional opportunity to change the Magisk app's name to whatever you wish. It doesn't have to be complex to fool apps that check for Magisk.
      • Important: When you have the Magisk app hidden or renamed, you can accidentally install a new copy of Magisk. This situation won't work at all - neither copy of Magisk will work with two installed. This is one reason why I don't completely hide Magisk, so I can tell it's installed because I have it renamed as something easily recognizable.
      • Back to the Magisk app's Settings...
      • Click Systemless hosts. This adds a Magisk Module to Magisk, which you can verify in a later step.
      • Toggle Zygisk on.
      • Toggle Enforce DenyList on.
      • Click Configure DenyList.
        • Add every app that you want to explicitly deny root and the existence of root.
        • You can click the 3-dot menu and choose the options to display system and/or OS apps, if necessary.
        • Note that for many apps, it is not enough to click the single checkmark to the right of the app name in this list. For many but not all apps, you should click on the app name and you'll see it expand to two or more entries, each with its own toggles. In this expanded state, you can now check the single top checkbox beside the main app name and it'll toggle all individual sub-entries.
        • Some apps add new entries to this list from time to time, so if you find that an app used to work for you when rooted and doesn't now, check this list again and look for the entries that aren't fully checked. There will be an incomplete horizontal line above the apps that don't have all of their sub-entries toggled.
        • You can use the Search button at the top of this list to find specific apps quickly.
        • The most common apps you should definitely fully check in this list are:
          • IMPORTANT - There are some things, such as Google Play Services which it's fine to add to the DenyList, but it's perfectly normal when used in combination with the Universal SafetyNet Fix (USNF) that it is back to being unchecked the next time you visit the DenyList. Since USNF takes care of Google Play Services, you don't even have to add it to the DenyList in the first place.​

          • Google Play Store
          • Google Services Framework
          • Google Play Protect Service
          • Wallet
          • GPay
          • Any banking apps.
          • Any streaming apps that use DRM.
          • Any 2FA apps, especially those for work.
          • Some of those Google apps might not need denying, but it doesn't hurt to deny them.
          • Any time you toggle more entries in this list, it may be necessary to reboot the phone for it to take effect.
    3. From the main screen in the Magisk app, go to Modules at the bottom.
    4. Confirm that the Systemless hosts Magisk Module is added to this list, and enabled.
    5. Install the Magisk Module: Universal SafetyNet Fix. New Official Universal SafetyNet Fix released by @kdrag0n v2.4.0 available at XDA.
    6. Reboot.
    7. Install from the Play Store:
      • YASNAC - SafetyNet Checker
        • Launch it.
        • Click Run SafetyNet Attestation.
        • It should say:
          • Basic integrity: Pass
          • CTS profile match: Pass
          • Evaluation type: BASIC
      • Play Integrity API Checker
        • Launch it.
        • Click Check.
        • It should have the following with a green checkmark:
          • MEETS_DEVICE_INTEGRITY
          • MEETS_BASIC_INTEGRITY
        • It's normal for MEETS_STRONG_INTEGRITY to have a red X.
      • You don't have to keep these installed, although I keep them handy.
      • Sometimes, clearing app cache and/or data for apps like the Google Play Store, GPay, Wallet and others (and then rebooting) after these steps may help pass SafetyNet as well.
    8. See @V0latyle's explanation (and further linked post) for why we can't achieve STRONG_INTEGRITY with an unlocked bootloader.
    9. See @V0latyle's [DISCUSSION] Play Integrity API regarding why SafetyNet, per se, is actually defunct and replaced with Play Integrity - and New Official Universal SafetyNet Fix released by @kdrag0n v2.4.0 referenced in the steps above takes care of the latter.

    Optional steps when updating - flashing custom kernels:
    • Download the custom kernel of choice on the phone.
      • Be sure to read the particular installation instructions in the kernel threads' OP - any instructions in their OPs takes priority over anything I say here, which is generalized.​

        For now even the AK3 Zip versions of custom kernels requires Verity and Verification to be disabled.
        How to determine if you already have Verity and Verification disabled - see section in Post #3 - Other, most important resources
      • The two schools of thought on disabling Verity and Verification:
        • My post here. If you want to discuss it any, please do so in my thread, or at least not in that custom kernel thread, so as to keep the thread on-topic.
    • Extract the vbmeta.img file from the inner Zip of the factory image zip and put it in the same folder with the latest extracted platform-tools.
    • Hook the phone up to your computer and run the following commands:

      • Code:
        adb reboot bootloader
        [wait for the phone to reboot to bootloader (fastboot mode)]
        Code:
        fastboot flash vbmeta vbmeta.img --disable-verity
        fastboot reboot
    • Unlock the phone once it's booted up.
    • Make sure the Kernel Flasher app is up to date. XDA thread for the Kernel Flasher app is here.
    • Launch Kernel Flasher.
    • Select the slot that's mounted.
    • Choose Flash AK3 Zip.
    • Select the custom kernel zip just downloaded.
    • When it's done flashing, head to Android Settings and perform a Factory Reset, as is currently needed for Despair kernel.
    • If you failed to disable Verity and Verification ahead of time, if you have to, just force the phone off using these instructions: Turn your Pixel phone on & off, then press the Volume Down and Power buttons for a couple of seconds to get into the bootloader (fastboot mode). You'll still have to factory reset after disabling Verity in combination with this kernel, for now.
    • Whenever you use the flash-all to flash your phone, as long as you want to continue to disable Verity and Verification, you'll have to further modify the flash-all script as such:

      • Code:
        fastboot update image-cheetah-buildnumber.zip --disable-verity --disable-verification

    ADB/Fastboot & Windows USB Drivers:

    Platform Tools was updated in August 2022 to v33.0.3:
    Windows: https://dl.google.com/android/repository/platform-tools-latest-windows.zip
    Mac: https://dl.google.com/android/repository/platform-tools-latest-darwin.zip
    Linux: https://dl.google.com/android/repository/platform-tools-latest-linux.zip

    Release Notes https://developer.android.com/studio/releases/platform-tools:

    33.0.3 (Aug 2022)​

    • adb
      • Don't retry adb root if first attempt failed.
      • Fix track-devices duplicate entry.
      • Add receive windowing (increase throughput on high-latency connections).
      • More specific error messages in the "more than one device" failure cases.
      • Reject unexpected reverse forward requests.
      • Fix install-multi-package on Windows.
    • fastboot
      • Remove e2fsdroid as part of SDK platform-tools.
      • Print OemCmdHandler return message on success.
    You'll need this if you're going to unlock the bootloader on your Pixel 7 Pro: SDK Platform Tools (download links for Windows, Mac, and Linux). Note that you can find links to download the tools elsewhere, but I wouldn't trust them - you never know if they've been modified. Even if the person providing the link didn't do anything intentionally, the tools could be modified without them being aware. Why take a chance of putting your phone security further at risk?

    You can alternately use the tools from the SDK Manager, but most of us will want to stick to the basic tools-only without the complications of the full development manager.
    For Windows, get Google's drivers here Get the Google USB Driver (ADB will likely work while the phone is fully booted, but if you're like me, you'll need these drivers for after you adb reboot-bootloader, to be able to use ADB and Fastboot.
    33
    Please test this UNSF build. Should be passing basic/device integrity.

    Use updated version from main post instead
    22
    I would expect that once 2.4.0 is released publicly, we should probably go back to using the official release, but conversely, as long as something works for you, there's also not necessarily a need to fix what isn't broken. Personally, I plan on switching once it's made completely public.

    Note that @Displax wasn't trying to replace the official version - they always kept it the same version as the most recent official along with "Mod", "Mod 2", or "Mod 2.1", so that suggests to me they were merely making temporary workarounds until/if the official was updated.
    Indeed. My MOD is a temporary solution until kdrag0n release accurate fix.

    I didn't change the update channel in the module on purpose so that everyone can upgrade to the new official version automatically without any problems.
    17

    Other, most important resources


    A list of other important apps: - be sure to thank the respective OPs:
    How to unroot
    One of these two options:
    1. Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you do not have to manually unlock the bootloader - their site will do that on its own).
      Select the options to:
      • Wipe
      • Force flash all partitions
      • Re-lock bootloader
    2. Flash the completely stock init_boot.img from the same firmware version that you're on:
      Code:
      adb reboot bootloader
      fastboot flash init_boot init_boot.img

    TWRP [not made for the Pixel 7 (or 6) Pro yet - will update when or if ever it has - don't hold your breath]
    I would guess that this should be the appropriate URL for official TWRP custom recovery for the Pixel 7 Pro, but who knows when/if that will actually be made available, and it may become available unofficially in these forum sections before being made official. I'll adjust this URL as needed. https://twrp.me/google/googlepixel7pro.html.

    Factory Images (requires an unlocked bootloader)
    It's also handy to have to the full official firmware available, whether it's to recover from accidents or for actual development. Note the official link to the general Factory Images for Nexus and Pixel Devices page. The following link goes directly to the Pixel 7 Pro (Cheetah) section: Pixel 7 Pro Factory Images. I prefer to actually bookmark a link to the device listed immediately below the device I want the firmware for, because Google dumbly (in my opinion) puts the latest firmware at the bottom of the list for each particular device, and that ends up making you scroll a lot after a year or two of monthly updates.

    Full OTA Images (doesn't require an unlocked bootloader - you can ask questions in this thread, but I won't be providing the steps necessary, as I always use the factory image)

    Check warranty status - *may* reveal if a phone is refurbished, only if the phone was refurbished through Google - thanks to @Alekos for making me aware of the site.

    Official Google Pixel Update and Software Repair (reported as of January 23, 2022 to still not be updated for the Pixel 6/Pro - no idea if it has yet now, or if it will be for the 7/Pro)

    Official Google Pixel Install fingerprint calibration software (also available at the bottom of the Update and Software Repair page above) - I believe this is only helpful if you've replaced the screen - if it's anything like the Pixel 6 Pro: if you have the screen replaced, then you *must* have the fingerprint reader replaced as well.

    Find problem apps, Magisk, and LSposed Modules by (three different methods):
    1. Google's Help Page for Find problem apps by rebooting to safe mode - this can be a lifesaver and keep you from having to do a restore to 100% complete stock or even from having to do a factory reset. This will deactivate all Magisk modules, and they'll remain deactivated even after you boot normally after briefly booting to safe mode. You can re-enable the Magisk modules as you wish to try to narrow down the problem if it was caused by a Magisk module. This can even get things working again after a Magisk Module wasn't finished installing and potentially causing a bootloop.
    2. You can also follow @Jon8RFC's advice:
      For the future, you don't need to go into safe mode unless that's your preference. I forgot what all it resets, but it's many settings and it's bothersome. I'd rather just reinstall my modules and not have to figure out those Android settings/changes which I come across days or weeks later when I infrequently do something. Have your phone reboot and run this:
      Code:
      adb wait-for-device shell magisk --remove-modules
      I like to just do this first:
      Code:
      adb devices
      So the server is running, then I have the long one pasted and ready to go once the phone turns off.
      Worked for me yesterday when I accidentally tried some old version of a Magisk Module. You have to reinstall your Magisk Modules, but if you're using a third-party widget, it won't disable them like Safe mode does.
    3. (May only be for mis-behaving LSposed modules):
      In the future try this

      adb wait-for-device shell su -c "touch /data/adb/modules/zygisk_lsposed/disable"
      adb reboot

      Official Google Android Flash Tool (OEM Unlocking needs to be toggled on - you do not have to manually unlock the bootloader - their site will do that on its own)
      OEM unlocking in developer options needs to be toggled on. I don't "believe" you have to actually do the "fastboot flashing unlock" command.

      How to determine if you already have Verity and Verification disabled (required for custom kernels for now)
      I keep seeing this asked, so I added a Magisk module for it to the linked Github release. With the module installed, you can just run:

      Code:
      su
      avbctl get-verity
      avbctl get-verification

      I spent way more time debugging that I downloaded Github's HTML of the update-binary script rather than the raw file than I care to admit. 🤦‍♂️ Off to bed.
      Alternative two more manual ways of checking:
      Since you´re probably already rooted anyway if you plan to flash this kernel, simply reboot your device. After you enter the device immediately take a kernel log with for example EXKM or any other app that allows to do that, terminal, etc.

      Look for that line
      [ 1.273480] init: [libfs_avb]AVB HASHTREE disabled on: /vendor_dlkm

      If you see this line, verity/verification should be disabled.
      I've seen several cases where having the ability to check would have been handy, so I pushed an avbctl binary built against the latest aosp sources here.

      The simplest way to use it would be the following:

      Code:
      adb push avbctl /data/local/tmp
      adb shell
      su
      cd /data/local/tmp
      chmod +x avbctl
      ./avbctl get-verity
      ./avbctl get-verification